US-6760711

Merchant owned, ISP-hosted online stores with secure data store

Published: July 6, 2004
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

An online commerce architecture enables merchants to set up online stores that are hosted by third party Internet service providers (ISPs). The architecture provides secure storage of the merchant's commerce information at the ISP-hosted store, based upon a private/public key pair owned by the merchant. When a purchase request is received from a customer, the ISP encrypts all or part of the request using a newly generated session key, and then encrypts that session key with the merchant's public key. The purchase request is stored at the ISP in its encrypted form. The merchant routinely accesses the ISP and retrieves the purchase requests in their encrypted form. The merchant decrypts the session key using the merchant's private key and then decrypts the purchase request using the recovered session key. Since only the merchant knows its private key, no one else (including the ISP) can decrypt the session key to decrypt the purchase requests for the merchant.
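The flow described in the abstract, as an added Node.js example (not code from the patent or from this site). The patent names no algorithms, so RSA-OAEP with SHA-256 for wrapping the session key and AES-256-GCM for the request are assumptions, as are the function names, the record layout, and the binding of the merchant ID as associated data.

```javascript
const crypto = require('crypto');

// Assumed algorithms (the patent names none): RSA-OAEP/SHA-256 and AES-256-GCM.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Merchant side, done once: the private key never leaves the merchant.
function generateMerchantKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// ISP side: encrypt one purchase request under a fresh session key, then wrap
// that session key with the merchant's public key. Only ciphertext is stored.
function sealOrder(merchantId, publicKey, order) {
  const sessionKey = crypto.randomBytes(32); // new AES-256 key for every request
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, nonce);
  cipher.setAAD(Buffer.from(merchantId)); // assumption: bind the record to one store
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(order), 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey);
  return { merchantId, wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Merchant side: unwrap the session key, then authenticate and decrypt the request.
function openOrder(privateKey, rec) {
  const sessionKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, rec.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, rec.nonce);
  decipher.setAAD(Buffer.from(rec.merchantId));
  decipher.setAuthTag(rec.tag);
  const plain = Buffer.concat([decipher.update(rec.ciphertext), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample: two merchants hosted by the same ISP.
const merchantA = generateMerchantKeys();
const merchantB = generateMerchantKeys();
const stored = sealOrder('merchant-a', merchantA.publicKey, { item: 'widget', qty: 2 });
console.log(openOrder(merchantA.privateKey, stored)); // merchant A recovers the order
try {
  openOrder(merchantB.privateKey, stored); // another tenant's key cannot unwrap it
} catch (err) {
  console.log('merchant B rejected:', err.message);
}
```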

Patent Claims
25 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. An online commerce system comprising: a plurality of merchant computers, one merchant computer for each of a plurality of merchants, each merchant computer storing a private key and having a decryption unit; a service provider computer having a commerce server to host an online store on behalf of each of the merchants and to temporarily store merchant-destined commerce data received from customers of each online store, the service provider computer storing a plurality of public keys, each public key corresponding to a private key of a merchant computer, the service provider computer being further configured to identify a merchant for which merchant-destined commerce data is received; an encryption unit at the service provider computer that is configured to receive and encode merchant-destined commerce data for a merchant using, at least in part, a function based on the public key corresponding to the private key of the merchant; and the merchant computer of the merchant being configured to access and retrieve the merchant-destined commerce data for the merchant, and the decryption unit at the merchant computer decoding the commerce data using, at least in part, a function based on the private key of the merchant.

2. An online commerce system as recited in claim 1, wherein each merchant computer comprises a key generator to create the public and private keys for the merchant computer.

3. An online commerce system as recited in claim 1, wherein: the service provider computer comprises a key generator to create a session key; and the encryption unit at the service provider computer being configured to encrypt the merchant-destined commerce data for the first merchant using the session key and to encrypt the session key using the public key of the first merchant; and the decryption unit at the first merchant computer being configured to decrypt the session key using the private key of the first merchant and to decrypt the merchant-destined commerce data for the first merchant using the session key.

4. An online commerce Web site hosted at a service provider on behalf of a plurality of merchants, comprising: a server computer to host an online store for each merchant and to receive customer-supplied data from customers who visit the online stores, the server computer being programmed to transform customer-supplied data for each merchant in a manner that only the merchant for which the customer-supplied data is intended can convert the customer-supplied data back to an original form; and a storage to temporarily store the received customer-supplied data in its transformed state, the customer-supplied data received for one merchant being stored so that it is uniquely identifiable from the customer-supplied data received for the other merchants.

5. An online commerce Web site as recited in claim 4, wherein the server computer transforms the customer-supplied data for a merchant using one or more functions that utilize a secret supplied by the merchant so that the customer-supplied data cannot be converted back to the original form without knowledge of the secret.

6. An online commerce Web site as recited in claim 4, wherein the server computer encrypts the customer-supplied data for a particular merchant using a session key and encrypts the session key using a public key associated with the particular merchant.

7. An online commerce Web site as recited in claim 4, wherein each merchant downloads the customer-supplied data in its transformed state from the server computer.

8. A system architecture for an online commerce system in which a third party service provider hosts online Web sites on behalf of multiple merchants, comprising: a server to serve content on behalf of the merchants and to receive data supplied by customers that is destined for one of the merchants; and an order encryptor at the server to encrypt the merchant-destined data using a session key and to encrypt the session key using a public key associated with the merchant for which the data is destined.

9. A system architecture as recited in claim 8, further comprising an order decryptor to decrypt the session key using a private key associated with the merchant's public key and to decrypt the merchant-destined data using the decrypted session key.

10. An online commerce system, comprising: the system architecture as recited in claim 8, resident at the service provider; and wherein each merchant has its own pair of public and private keys to access their merchant-destined data.

11. A system architecture for an online commerce system in which a third party service provider computer system hosts online stores on behalf of multiple merchants, comprising: a commerce server, resident at the service provider computer system, to serve Web pages that, when rendered, present the merchants' online stores and to receive purchase requests supplied by the customer to purchase products from the online stores; an order encryptor, resident at the service provider computer system, to encrypt each purchase request using a session key and to encrypt the session key using a public key associated with a merchant associated with the purchase request; and an order decryptor, resident at the merchant computer system associated with the purchase request, to decrypt the session key using a private key associated with the public key and to decrypt the purchase request using the decrypted session key.

12. A system architecture as recited in claim 11, further comprising a key generator, resident at each merchant computer system, to generate the public and private keys for the merchant computer system.

13. A system architecture as recited in claim 11, wherein the order encryptor encrypts all data contained in the purchase request using the session key.

14. A system architecture as recited in claim 11, wherein the purchase request has multiple data fields, and the order encryptor encrypts selected ones of the data fields using the session key.

15. A method comprising: installing a first online store at a service provider remote from a first merchant; installing a second online store at a service provider remote from a second merchant; receiving first customer-supplied data at the service provider from customers who visit the first online store; receiving second customer-supplied data at the service provider from customers who visit the second online store; encoding the first customer-supplied data at the service provider from an original state to a transformed state in a manner that only the first merchant can decode the first customer-supplied data back to the original state; encoding the second customer-supplied data at the service provider from an original state to a transformed state in a manner that only the second merchant can decode the second customer-supplied data back to the original state; and storing the first customer-supplied data in the transformed state and associating it with the first merchant; storing the second customer-supplied data in the transformed state and associating it with the second merchant.

16. A method as recited in claim 15, wherein the encoding comprises: encrypting the first customer-supplied data using, in part, a public key associated with the first merchant; and encrypting the second customer-supplied data using, in part, a public key associated with the second merchant.

17. A method as recited in claim 15, wherein the encoding comprises: encrypting the customer-supplied data using a session key and encrypting the session key using a public key associated with the merchant; and encrypting the second customer-supplied data using a session key and encrypting the session key using a public key associated with the second merchant.

18. A method as recited in claim 15, further comprising: retrieving the first customer-supplied data in the transformed state from the service provider to the first merchant; decoding, at the first merchant, the first customer-supplied data from the transformed state back to the original state; retrieving the second customer-supplied data in the transformed state from the service provider to the second merchant; and decoding, at the second merchant, the second customer-supplied data from the transformed state back to the original state.

19. A method for installing multiple online stores, comprising the following steps: creating Web pages that form an online store owned by a first merchant; creating Web pages that form an online store owned by a second merchant; hosting the Web pages at a service provider remote from the merchants; generating a first pair of private and public keys associated with the first merchant that are used to encrypt and decrypt merchant-destined data received via the online store owned by the first merchant; generating a second pair of private and public keys associated with the second merchant that are used to encrypt and decrypt merchant-destined data received via the online store owned by the second merchant; storing the first private key at the first merchant; storing the second private key at the second merchant; and storing the public keys at the service provider.

20. Computer-readable media having computer executable instructions for installing multiple online stores, the computer-executable instructions performing the following steps: creating Web pages that form an online store owned by a first merchant; creating Web pages that form an online store owned by a second merchant; hosting the Web pages at a service provider remote from the merchants; generating a first pair of private and public keys associated with the first merchant that are used to encrypt and decrypt merchant-destined data received via the online store owned by the first merchant; generating a second pair of private and public keys associated with the second merchant that are used to encrypt and decrypt merchant-destined data received via the online store owned by the second merchant; storing the first private key at the first merchant; storing the second private key at the second merchant; and storing the public keys at the service provider.

21. A method for handling a purchase request for goods and/or services offered in an online store, the online store being hosted by a service provider on behalf of a first merchant, the method comprising: encoding the purchase request at the service provider in a manner that only the first merchant can decode the purchase request; storing the purchase request in the encoded state; and wherein the service provider also hosts at least a second online store on behalf of a second merchant and stores encoded second merchant purchase requests in a manner that only the second merchant can decode the second merchant purchase requests.

22. A method as recited in claim 21, wherein the encoding comprises encrypting the purchase request using, in part, a public key associated with the first merchant.

23. A method as recited in claim 21, wherein the encoding comprises encrypting the purchase request using a session key and encrypting the session key using a public key associated with the first merchant.

24. A computer-readable medium having computer executable instructions for installing multiple online stores, the computer-executable instructions performing the following steps: encoding a purchase request at the service provider in a manner that only the first merchant can decode the purchase request; storing the purchase request in the encoded state; and wherein the service provider also hosts at least a second online store on behalf of a second merchant and stores encoded second merchant purchase requests in a manner that only the second merchant can decode the second merchant purchase requests.

25. Computer-readable media distributed at a service provider and a multiple merchant computers, the service provider hosting an online store on behalf of each of the merchants, the computer-readable media storing computer-executable instructions for performing steps comprising: generating a pair of private and public keys associated with a first merchant; storing the first merchant's private key at the first merchant; storing the first merchant's public key at the service provider; receiving a first purchase request at the service provider from a customer of the online store of the first merchant; generating a first session key; encrypting, at the service provider, at least a portion of the first purchase request using the first session key; encrypting, at the service provider, the first session key using the first merchant's public key; storing the first purchase request and the first session key in their encrypted form at the service provider; transferring the first purchase request and the first session key in their encrypted form from the service provider to the first merchant; decrypting, at the first merchant, the first session key using the first merchant's private key; decrypting, at the first merchant, the first purchase request using the first session key; generating a pair of private and public keys associated with a second merchant; storing the second merchant's private key at the second merchant; storing the second merchant's public key at the service provider; receiving a second purchase request at the service provider from a customer of the online store of the second merchant; generating a second session key; encrypting, at the service provider, at least a portion of the second purchase request using the second session key; encrypting, at the service provider, the second session key using the second merchant's public key; storing the second purchase request and the second session key in their encrypted form at the service provider; transferring the second purchase request and the second session key in their encrypted form from the service provider to the second merchant; decrypting, at the second merchant, the second session key using the second merchant's private key; decrypting, at the second merchant, the second purchase request using the second session key.

Patent Metadata

Filing Date: January 11, 1999

Publication Date: July 6, 2004

Cite as: Patentable. “Merchant owned, ISP-hosted online stores with secure data store” (US-6760711). https://patentable.app/patents/US-6760711